As a security team, you are what you measure. The problem is that too many security teams are tracking vulnerabilities, not measuring risk. This post examines how vital it is for security teams to establish risk-based metrics, offering examples of both the right and wrong measures to use. The paper then looks at the key steps to building risk management… Read more »

We’re thrilled to announce the go-live of our partnership with Exodus, giving us the ability to offer our customers premium access to 0-day data. Many of our customers have sophisticated vulnerability management programs, and they care a great deal about fortifying their efforts with zero-day intelligence. However, zero-day information is extraordinarily difficult to integrate with internal assets and meta data,… Read more »

It’s been an exciting time at Kenna; we recently announced that we closed our Series B funding, a $15M round led by PeakSpan Capital. It’s a milestone that means far less to me in regards to money than it does in regards to the validation of our perspective on security and risk. When Kenna first began this journey, our point-of-view… Read more »

Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don’t always work alongside each other, or use the same metrics, or see things the same way, or…well, let’s just say there’s a lot of baggage there. Why We Can’t All Just Get Along Within many organizations, security teams and remediation teams… Read more »

One of Kenna’s primary differentiators is its use of external exploit intelligence. It’s that real-time context, informed by Kenna’s own proprietary, patented algorithm, which makes our customers’ vulnerability scan data tell a story. We’re able to provide a “headline news” of what’s happening in our customer’s environments and what threats they need to remediate quickly. (And by the way, when… Read more »

Like it or not, we live in an era of manufactured celebrity and large-scale hype creation. While this can make it easy to keep tabs on movie stars’ relationships, it doesn’t help security teams stay on top of what’s really important. To prioritize their efforts, there are five factors security teams should look at in assessing the true risk of… Read more »

It’s almost budgeting season! (Yes, try to restrain your excitement.) At Kenna, we thought we’d offer a few (admittedly biased) thoughts on how to approach your vulnerability management budgeting process. Here’s a hint: it’s not just about the scanner anymore. It’s about automating the tedious and error-prone processes of prioritization and reporting. Read the full infographic below:

Fighting security threats is hard enough, but it’s pretty much impossible if you’re fighting wrong battles. However, that’s what you’re doing if you’re focused on vulnerability remediation. I see it all the time: Security teams live by their spreadsheets. They have lists of vulnerabilities. They stack rank them by severity, start with the most critical, and commence to work through… Read more »

This month Kenna Security participated in the Verizon data breach report, and for the second year running we used our data to drive the perspective of the vulnerability section. Since then there have been some questions and criticisms of a specific subset of the data referenced in a footnote in the vulnerability section – namely the top 10 vulnerability list…. Read more »

The best part about working in a nascent, yet-unsolved-perhaps-never-to-be-solved industry is that the smartest minds are often struggling with the same problems, and are only a tweet or a phone call away if you need help. I’ve had help from fellow data scientists, NIST and MITRE folk, competitors, practitioners, professors and the like. While rock-star-syndromes are surely out there and… Read more »